Integrated Solution for Healthcare 


Security Management Solution for Automating 
Compliance with HIPAA Standard 


Qualys and ArcSight Joint Solution Eases Compliance 


Whether large healthcare organizations are ready or not, the deadline looms on April 20, 2005 for compliance 
with security requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Rules 
issued by the Department of Health and Human Services mandate compliance by healthcare organizations 
that create, store or transmit electronic protected health information. 


Compliance with HIPAA is challenging because its comprehensive technical, physical, and administrative 
safeguards for security require many technologies and processes. Roadblocks include limited budgets and 
technical staff, which curb the ability to do real time security management, perform security audits and 
document compliance. To solve these challenges, Qualys and ArcSight have jointly integrated a best-in-class 
healthcare security management solution that automates many requirements for HIPAA. 


Automation Cuts Costs, Streamlines Compliance 


The automated joint solution from Qualys and ArcSight integrates the security industry’s leading solutions for 
Vulnerability Management and Enterprise Security Management. With the on demand, automated 
QualysGuard solution, healthcare organizations can quickly find, rank, and track all vulnerabilities using the 
most comprehensive, award-winning security audit technology available. QualysGuard automates security 
audits and reporting, provides remediation capabilities with trouble tickets and verified fixes to vulnerabilities, 
and requires no infrastructure to deploy or manage. ArcSight ESM logs and correlates all security events 
across the enterprise. 
The joint solution automatically validates accuracy and relevance


Joint Solution for Automating Security Compliance 
importing vulnerability
ArcSight fulfills HIPAA
documenting workflow
Other Devices


Joint Solution Features and Compliance Capabilities 


| HIPAA Requirement | QualysGuard Capabilities | ArcSight ESM Capabilities |
| --- | --- | --- |
| Evaluation | Provides on demand audits to automatically measure, test and document security compliance | Delivers empirical, long term and holistic fact base for evaluating organizational security program |
| Security Management | Complete automated system for security audits and vulnerability management | Automates monitoring policies and procedures with business-relevant correlation and workflow |
| Risk Analysis | Largest database of vulnerability tests and intelligent scanning for comprehensive, accurate audits | Provides empirical reports to synthesize segments and systems most at risk |
| Risk Management | Reports automatically assess risks and priorities for vulnerability remediation | Automates remedial workflow based on risks relative to business priorities |
| Information System Activity Review | Automatically documents all security vulnerabilities and subsequent remediation | Automates activity review with centralized collection, analysis and reporting of all security events |
| Security Incident Procedures | Provides hard data for incident response | Workflow and audit capabilities save time, enforce accountability and reduce complexity of procedures |
| Incident Response and Reporting | Accurate scans automatically confirm vulnerabilities and provide one-click links to verified fixes | Centralized communication platform streamlines response and reporting |
| Awareness and Training | Cuts guesswork in teaching staff and management about real-world protection of the network | Customizable knowledge base ensures central coordination of information for training |
| Security of Business Partners | Automates and documents network security audits of business associates | Centralizes repository of audit data for business associate contracts |

To Learn More 


We invite you to contact a sales representative at either company to learn more about the Integrated 
Enterprise Security Management Solution for Healthcare. Qualys: (650) 801-6160. ArcSight: (408) 864-2600. 


About Qualys 


Qualys, Inc. is the leader in on demand vulnerability management. The company allows organizations of all sizes to effectively secure their networks, conduct automated security audits, and ensure compliance. Qualys automates the discovery and remediation of security vulnerabilities. The web-based technology requires no capital outlay or infrastructure to deploy and manage. Thousands of customers rely on Qualys, including leading healthcare organizations such as Novartis, Kaiser Permanente, Geisinger Health System, Cedars-Sinai Medical Center, Cincinnati Children’s Hospital, and others. To learn more, please visit www.qualys.com.


About ArcSight 


ArcSight, Inc. is the leader in Enterprise Security Management (ESM) solutions. The award-winning ArcSight ESM enables enterprises to centrally manage information risk. By comprehensively collecting data from sources such as QualysGuard, ArcSight ESM provides accurate, real-time internal and external threat management and compliance reporting. Customers include leaders in financial services, banking, telecommunications, high technology, retail, healthcare, and biotech, plus more than 20 large federal agencies. To learn more, please visit www.arcsight.com.


